• Greetings to all,

    We are experiencing a slow browsing but when we check our internet speed on speedtest.net the result is good. What may cause the problem of this? Is there a problem on the pfsense? We notice also the computer where we installed the pfsense is constantly reading on the harddrive. We also notice that disk usage is 43% of 886Gb. Should we reformat our pfsense?

    Greatly appreciated your any help on this.

    Thank you in advance

  • Are you using Squid/SquidGuard?

  • Yes, Im using squid and squidguard.

    Is there a problem on this packages?

  • Not necessarily, but it would help explain the behaviour.  You say the disk is always busy.  That is likely your problem.  Did you change the cache settings from the defaults when you configured Squid?  As a test, you could disable SquidGuard and see if that makes a difference.  At the least, it will isolate the problem to either Squid or SquidGuard.  My guess is that it's Squid writing to its cache and something is wrong.  Look in your System log to see if anything looks wrong.

  • Yes. I change the cache setting. Is it normal to expand that size of the hard disk? My pfsense is running almost 2 years only. What im looking if i disable the squidguard?

  • If you disable SquidGuard then you won't be able to do any URL filtering, but it would tell you for sure which one is the cause of the problem.  If web browsing is fast with SquidGuard disabled then you know it is the problem.  If slow browsing continues after SquidGuard is stopped then it means the problem was Squid.

    What version of pfSense are you using?  Is this on an appliance or a PC or virtual?  How big is your cache?  I suspect that your cache is so large with so much content that it takes time to search it for hits.  If you go to SSH shell and run this:

    du -skh /var/squid/*

    What does it come back with?

  • I configure the hard disk cache size is 3000mb. Is this to big? Do I need to reformat the pfsense? It is on PC

  • personally i only run squid cache in memory. HD cache's are almost allways slower then just fetching it from the web on modern high-speed connections.

  • As a test, try stopping Squid/SquidGuard, clearing your cache and then restarting see if you see any improvement.

  • My disk usage was already 43% of 886Gb Hard disk space. The PC is continious reading. Is this behaviour normal? How can we clear the cache?

    I'm already planning to reformat the pfsense. Is this adviseable?

    Thank you in advance.

  • Are you running this at a home or business?

  • You can clear the cache after you stop Squid by going in through SSH shell and running:

    rm -rf /var/squid/cache
    squid -z

    Normally you would copy the cache somewhere to preserve it, but you have barely enough space and you said you might redo the whole thing anyway.  I wouldn't redo it unless you think you have major problems with multiple aspects of pfSense.

  • I'm using it on business

    What do you mean redo the whole thing? Did you mean that reformat the PC and reinstall the pfsense again?

    In our situation, is it normal to have that high used disk space?

  • In a business:

    1.  43% of 886Gb - This would be normal if you gave pfsense squid a cache size that big and if lots of people were using it to visit lots of various sites.

    2.  Should it always be reading from the drive?  Ideally yes.  If lots of people are using it.  It would be nice if you get a high percentage of cache hits.  If you want your internet to be fast when reading from cache, make sure you have a damn fast drive, Perhaps a really fast ssd  on a very fast interface and a good fast processor.

    Basically, squid will seek to fill as much cache as you give it.  Not sure if you need 886Gb.  Depends on your organization.  I never managed to use more than 12% of 50GB myself.

    BTW - Do you have over 50GB of ram in that box?  I would normally want to size my cache to be not more than 20x my ram available for indexing all that cache.

  • Below are my PC specification
    -> Intel i7 3.6Ghz
    -> 1Tb HDD
    -> 8GB ram

    How many people you are pertaining? Right now we have around 60 to 70 persons.

    Thank you in advance.

  • What do you mean cache hits?

  • You should probably resize your squid cache to be about 25GB or so.  Really don't need more.

    I'd pull out the big huge 1TB drive and replace it with a 64GB SSD.

    Use the 1TB drive for file storage in some other machine.

  • Cache hit = how often does "internet" get served up from your squid instead of from normal internet bandwidth.

    To speed up your internet, give about 4GB of RAM to ram cache.

    Make squid cache about 25 GB or so.

    You can make it larger, but you won't gain any benifit from it.

    I suspect your internet is being slow because 886GB * 43% =  265GB * .06 = 16GBRam needed to index such a large cache.

    There is a such thing as too big.

    Basically I bet your ram is used more than 100%

  • Right now, 19% of 8GB is used for memory usage. I will try to change the configuration.

  • You don't need much for those few people.

    A good reliable fast configuration is what will work best for you.

    How fast is your internet connection (upload and download) and do you have monthly download/upload limits?

    You could probably install ESXI on that machine, give 2 cores and 2GB to pfsense and run 3 other Virtual servers/machines on the same hardware.

  • I have this feeling that you are abit new to pfsense and perhaps to all of this.

    You have quite a bit of machine there that is far more capable that what pfsense will require for the task.

    I think you should take that 1 computer and use it for not only for pfsense but for many servers.

    I'd hate to see good money go to waste.  You can get alot out of it.

  • Honestly. Yes im new to pfsense.

    One of my officemate suggesting to use a asus router as a replacement of the ofsense but in my own opinion i'm much more comfortable to the pfsense.

    What do you suggest? As of now my option is to reformat the pc and install again the pfsense.

  • Squid is almost useless these days for caching.  More often it's used as a base for URL filtering with SquidGuard.  Even with dynamic content settings, my cache hit rate never seems to be more than 5-7%.  It's hardly worth it.

    I think your cache is definitely too big.

  • Do you have a suggestion that can replace squid and squidguard?

  • Not really.  I use them for URL filtering.  I don't really care about the caching part since we have a fast fibre linkand tons of bandwidth.

  • What KOM is saying is that there is nothing wrong with squid as part of squidguard.  Just make your cache smaller.  Alot smaller.  Not more than about 25GB.  Honestly it doesn't even need to be that big.

    Pfsense will work very well for you and can do so usually with a relatively small SSD.  Disk speed is your friend.

    But yeah.  You could run pfsense on 2 cores for your needs.

    I do suggest pfsense though.  Its much nicer and feature rich than pretty much everything else.